cowrie/INSTALL.md

# Installing Cowrie in nine steps.
* [Step 0: Change sshd listening port](#step-0-change-sshd-listening-port)
> **Improve systemd support, fixing bad practices (#792)**
>
> This is now a huge patch, but several things have come together or are part of each other, so let me try to explain why I made several changes.
>
> **INSTALL.md**
>
> *systemd*
>
> This should work on systems with systemd like Ubuntu 18.04 or Debian 9. I did not test it against anything else.
>
> 1. I removed authbind from the dependencies because we now have systemd for running on ports < 1024.
> 2. We are running a daemon. That user is not supposed to have a homedir or, even worse, a shell. For security reasons no /bin/bash.
> 3. cowrie can and should be installed into /opt, the place on Linux where you put software when you have no clue where to put it.
> 4. The virtualenv should not be inside the cowrie directory. That's a different part of running our service but is not shipped with the code. So the new path should be /opt/cowrie-env.
> 5. We want to write as little as possible into /opt and keep more to the Linux way of writing files of a daemon. TTY logs and downloads should be stored in /var/lib/cowrie/. (TODO: the data directory still contains files which should be written into /var/lib/cowrie instead of data/.)
> 6. The sweet stuff. Installing configurations for systemd, rsyslog and logrotate (more details on this later in this commit message).
> 7. Installing a pre-configured cowrie config for systemd and better Linux integration (TODO: that file should move to /etc/cowrie/cowrie.cfg).
> 8. How to start cowrie with systemd now.
> 9. How to catch live traffic. I removed the authbind section from it. Not needed anymore. I also recommend reconfiguring your ssh and cowrie service to listen on different ports. This is easier and quicker than involving iptables/nftables.
>
> *no systemd*
>
> 1. I also removed the authbind package here because it is mentioned later in the install instructions and I think it should be installed when the user is really using that feature.
> 2. The user here will now also be a system user but with /bin/bash as shell. Unfortunately the start/stop script needs a bash to work. That's a security drawback which systemd doesn't have.
> 3. Changing the path to /opt.
> 4. I didn't want to touch the bin/cowrie script, so the virtualenv is still installed below the cowrie directory. I don't really like this because, as explained above, we do not ship the code, so it should be a different directory.
> 5. and 6. not touched.
> 7. If we follow the instructions we now have the code in /opt/cowrie where only root can write. So some parts need to have other permissions to allow reading and writing by cowrie.
> 8. Start the cowrie daemon with the right user from the root shell.
> 9. The section port redirecting is IMHO not optional because otherwise we would not get much traffic. I have seen people knocking on port 2222, but cowrie should get the traffic from the ssh port. I also added a note for non-experienced users when dealing with the pre-routing iptables rules.
>
> **Configfiles**
>
> *systemd socket*: Systemd now handles the sockets for port binding. No authbind or other dirty hacks needed anymore.
>
> *systemd service*: Systemd now also handles the service. It takes care that every dependency is up before cowrie is started. No supervisord needed anymore.
>
> *rsyslog*: Logfiles are now written into /var/log/cowrie. The json file can also be logged here. Permissions are set so that cowrie can also write into the directory.
>
> *logrotate*: Every week we rotate the logfiles in /var/log/cowrie and store 4 compressed log files before deleting them.
* [Install without systemd support](#install-without-systemd-support)
  * [Step 1: Install dependencies](#step-1-install-dependencies)
  * [Step 2: Create a user account](#step-2-create-a-user-account)
  * [Step 3: Checkout the code](#step-3-checkout-the-code)
  * [Step 4: Setup Virtual Environment](#step-4-setup-virtual-environment)
  * [Step 5: Install configuration file](#step-5-install-configuration-file)
  * [Step 6: Generate a DSA key (OPTIONAL)](#step-6-generate-a-dsa-key-optional)
  * [Step 7: Setting permissions](#step-7-setting-permissions)
  * [Step 8: Starting Cowrie](#step-8-starting-cowrie)
  * [Step 9: Port redirection](#step-9-port-redirection)
* [Install with systemd support](#install-with-systemd-support)
  * [Step 1: Install dependencies](#step-1-install-dependencies-1)
  * [Step 2: Create a user account](#step-2-create-a-user-account-1)
  * [Step 3: Checkout the code](#step-3-checkout-the-code-1)
  * [Step 4: Setup Virtual Environment](#step-4-setup-virtual-environment-1)
  * [Step 5: Create folders and fix permissions](#step-5-create-folders-and-fix-permissions)
  * [Step 6: Install systemd, rsyslog and logrotate configurations](#step-6-install-systemd-rsyslog-and-logrotate-configurations)
  * [Step 7: Install cowrie configuration file](#step-7-install-cowrie-configuration-file)
  * [Step 8: Starting Cowrie](#step-8-starting-cowrie-1)
  * [Step 9: Capture traffic](#step-9-capture-traffic)
* [Optional settings](#optinal-settings)
* [Running within supervisord (OPTIONAL)](#running-using-supervisord)
* [Configure Additional Output Plugins (OPTIONAL)](#configure-additional-output-plugins-optional)
* [Troubleshooting](#troubleshooting)
## Step 0: Change sshd listening port
Cowrie is an SSH honeypot. It is likely you will want it to accept
connections on the normal SSH port (22). However, this is the same
port you are likely using for administration. As the first step
modify the SSH listening port for your system.
As root, modify `/etc/ssh/sshd_config` and set the `Port` variable to a port you like.
```
# systemctl daemon-reload
# systemctl restart ssh.service
```
This will likely disconnect your ssh session. Reconnect using the new port number.
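Changing the port by hand is where a lock-out usually starts, so here is an added example (not part of Cowrie or OpenSSH) that rewrites the `Port` directive in a copy of `sshd_config` text: it removes the stock commented-out `#Port 22` line and any stray `Port` lines, places the single new directive before any `Match` block (sshd rejects `Port` inside one), and reports which ports the result would listen on. The sample configuration is constructed for the demonstration.

```python
"""Change the sshd listening port as Step 0 asks, but safely.

Added example, not part of Cowrie or OpenSSH: a hand edit of
/etc/ssh/sshd_config often leaves the stock commented-out "#Port 22"
line, ends up with two Port lines, or puts Port after a Match block,
which sshd rejects. This rewrites the text so exactly one Port directive
remains, placed before any Match block. Run `sshd -t` before restarting.
"""
import re

PORT_LINE = re.compile(r"^\s*#?\s*Port\s+\d+\s*$", re.IGNORECASE)
ACTIVE_PORT = re.compile(r"^\s*Port\s+(\d+)\s*$", re.IGNORECASE)
MATCH_LINE = re.compile(r"^\s*Match\b", re.IGNORECASE)

# Constructed sample standing in for a stock Debian sshd_config.
SAMPLE_SSHD_CONFIG = """\
# constructed sample, not a real /etc/ssh/sshd_config
#Port 22
#AddressFamily any
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""


def set_sshd_port(config_text, port):
    """Return config_text with a single active 'Port <port>' directive.

    Every existing Port line, active or commented out, is dropped. The new
    directive goes where the first Port line was, or before the first Match
    block if Port only appeared after one, or at the end otherwise.
    """
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port {port}")
    kept = []
    insert_at = None
    for line in config_text.splitlines():
        if PORT_LINE.match(line):
            if insert_at is None:
                insert_at = len(kept)
            continue  # drop the old Port line
        if MATCH_LINE.match(line) and insert_at is None:
            insert_at = len(kept)  # Port must precede any Match block
        kept.append(line)
    if insert_at is None:
        insert_at = len(kept)
    kept.insert(insert_at, f"Port {port}")
    return "\n".join(kept) + "\n"


def active_ports(config_text):
    """Ports sshd would listen on: active Port lines in the global section
    (anything after the first Match block is ignored); the default is 22."""
    ports = []
    for line in config_text.splitlines():
        if MATCH_LINE.match(line):
            break
        m = ACTIVE_PORT.match(line)
        if m:
            ports.append(int(m.group(1)))
    return ports or [22]


if __name__ == "__main__":
    updated = set_sshd_port(SAMPLE_SSHD_CONFIG, 2200)
    print(updated)
    print("sshd would listen on:", active_ports(updated))
```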
Cowrie can be installed using `systemd` on modern Linux systems, or it can run without it.
## Install without systemd support
This section explains how to install Cowrie on a system without systemd.
**Note**: All commands are run as root
### Step 1: Install dependencies
Install system-wide support for Python virtual environments
and other dependencies. Actual Python packages are installed later.
On Debian based systems (last verified on Debian 9, 2017-07-25):
```
# apt-get install git python-virtualenv libssl-dev libffi-dev build-essential libpython-dev python2.7-minimal
```
### Step 2: Create a user account
It's strongly recommended to run with a dedicated non-root user id:
```
# useradd -r -s /bin/bash -U -M cowrie
```
### Step 3: Checkout the code
```
# git clone https://github.com/micheloosterhof/cowrie /opt/cowrie
```
### Step 4: Setup Virtual Environment
Next create a virtual environment:
```
# virtualenv /opt/cowrie/cowrie-env
```
Alternatively, create a Python3 virtual environment (under development)
```
# virtualenv --python=python3 /opt/cowrie/cowrie-env
```
Activate the virtual environment and install packages
```
# source /opt/cowrie/cowrie-env/bin/activate
(cowrie-env) $ pip install --upgrade pip
(cowrie-env) $ pip install --upgrade -r /opt/cowrie/requirements.txt
(cowrie-env) $ deactivate
```
### Step 5: Install configuration file
The configuration for Cowrie is stored in `cowrie.cfg.dist` and
`cowrie.cfg`. Both files are combined on startup, where entries from
cowrie.cfg take precedence. The .dist file can be overwritten by
upgrades, cowrie.cfg will not be touched. To run with a standard
configuration, there is no need to change anything. To enable telnet,
create cowrie.cfg and input only the following:
```
[telnet]
enabled = true
```
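To make the layering concrete, here is an added example (not Cowrie's own configuration loader) that reads a constructed `cowrie.cfg.dist` excerpt and the two-line `cowrie.cfg` above into one `ConfigParser` in that order, so the local `enabled = true` wins while `listen_port` keeps its distribution default; `local_overrides()` also lists which keys your `cowrie.cfg` changes, which is useful after an upgrade has replaced the `.dist` file.

```python
"""How Cowrie layers cowrie.cfg.dist and cowrie.cfg (Step 5).

Added example, not Cowrie's own loader: both files are read into one
ConfigParser in that order, so a key in cowrie.cfg overrides the same key
in the .dist file and every other key keeps its distribution default.
local_overrides() lists exactly which keys your cowrie.cfg changes, which
is handy after a git upgrade replaces cowrie.cfg.dist.
"""
import configparser

# Constructed excerpt in the style of cowrie.cfg.dist; not the real file.
DIST_CFG = """\
[honeypot]
hostname = svr04
[ssh]
enabled = true
listen_port = 2222
[telnet]
enabled = false
listen_port = 2223
"""

# The minimal cowrie.cfg the install text gives for enabling telnet.
LOCAL_CFG = """\
[telnet]
enabled = true
"""


def load_config(dist_text, local_text):
    """Parse the .dist defaults first, then the local file on top of them."""
    cfg = configparser.ConfigParser()
    cfg.read_string(dist_text, source="cowrie.cfg.dist")
    cfg.read_string(local_text, source="cowrie.cfg")  # later read wins
    return cfg


def local_overrides(dist_text, local_text):
    """Return {(section, key): (dist value, local value)} for every key the
    local file sets to something other than the .dist default."""
    dist = configparser.ConfigParser()
    dist.read_string(dist_text)
    local = configparser.ConfigParser()
    local.read_string(local_text)
    diff = {}
    for section in local.sections():
        for key, value in local.items(section):
            default = dist.get(section, key, fallback=None)
            if default != value:
                diff[(section, key)] = (default, value)
    return diff


if __name__ == "__main__":
    cfg = load_config(DIST_CFG, LOCAL_CFG)
    print("telnet enabled:", cfg.getboolean("telnet", "enabled"))
    print("telnet port   :", cfg.getint("telnet", "listen_port"))
    for (section, key), (old, new) in local_overrides(DIST_CFG, LOCAL_CFG).items():
        print(f"[{section}] {key}: {old!r} -> {new!r}")
```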
### Step 6: Generate a DSA key (OPTIONAL)
This step should not be necessary; however, some versions of Twisted
are not compatible. To avoid problems in advance, run:
```
# cd /opt/cowrie/data
# ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
```
### Step 7: Setting permissions
Cowrie runs as its own user, which still needs read/write access
to some directories:
```
# chown -R cowrie:cowrie /opt/cowrie/var
# chown -R cowrie:cowrie /opt/cowrie/log
# chown cowrie:cowrie /opt/cowrie/dl
# chown root:cowrie /opt/cowrie/data
# chmod 775 /opt/cowrie/data
```
_Note_: You will need to update permissions after you upgrade Cowrie from git.
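Since the permissions have to be redone after every upgrade, an audit that reports drift before anything is chowned is worth having. The following added example (not part of Cowrie) encodes the chown/chmod commands above as a spec table and checks a directory tree against it; `make_sample_tree()` builds a constructed throwaway layout so the audit can be tried without root or a `cowrie` account.

```python
"""Audit the ownership and modes that Step 7 sets under /opt/cowrie.

Added example, not part of the Cowrie project: the install text warns
that permissions must be redone after every git upgrade, so this checks
the layout against a small spec table and reports what drifted instead
of chowning blindly. The spec mirrors the chown/chmod commands above.
"""
import grp
import os
import pwd
import stat
import tempfile

# (relative path, owner, group, required mode or None, check recursively)
PERMISSION_SPEC = [
    ("var",  "cowrie", "cowrie", None,  True),
    ("log",  "cowrie", "cowrie", None,  True),
    ("dl",   "cowrie", "cowrie", None,  False),
    ("data", "root",   "cowrie", 0o775, False),
]


def _names(uid, gid):
    """Map numeric ids to names, falling back to the number if unknown."""
    try:
        user = pwd.getpwuid(uid).pw_name
    except KeyError:
        user = str(uid)
    try:
        group = grp.getgrgid(gid).gr_name
    except KeyError:
        group = str(gid)
    return user, group


def audit_permissions(base, spec=PERMISSION_SPEC):
    """Return a list of problems found under base; an empty list means the
    tree matches the spec. Symlinks are inspected, not followed."""
    problems = []
    for rel, owner, group, mode, recursive in spec:
        top = os.path.join(base, rel)
        if not os.path.isdir(top):
            problems.append(f"{top}: missing")
            continue
        targets = [top]
        if recursive:
            for dirpath, dirnames, filenames in os.walk(top):
                targets += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in targets:
            st = os.lstat(path)
            user, grp_name = _names(st.st_uid, st.st_gid)
            if (user, grp_name) != (owner, group):
                problems.append(
                    f"{path}: owned by {user}:{grp_name}, expected {owner}:{group}")
            actual = stat.S_IMODE(st.st_mode)
            if mode is not None and actual != mode:
                problems.append(f"{path}: mode {actual:o}, expected {mode:o}")
    return problems


def spec_for_current_user():
    """The same layout owned by whoever runs this script, so the audit can
    be exercised without root or a cowrie account (demo only)."""
    user, group = _names(os.getuid(), os.getgid())
    return [(rel, user, group, mode, rec) for rel, _, _, mode, rec in PERMISSION_SPEC]


def make_sample_tree():
    """Constructed fixture: a throwaway directory with the Step 7 layout,
    data/ at 0775 and one TTY log file under var/."""
    base = tempfile.mkdtemp(prefix="cowrie-audit-")
    for rel in ("var/lib/cowrie/tty", "log", "dl", "data"):
        os.makedirs(os.path.join(base, rel))
    open(os.path.join(base, "var/lib/cowrie/tty/sample.log"), "w").close()
    os.chmod(os.path.join(base, "data"), 0o775)
    return base


def simulate_drift(base):
    """Constructed drift: data/ loses the group-write bit Cowrie relies on."""
    os.chmod(os.path.join(base, "data"), 0o755)


if __name__ == "__main__":
    demo = make_sample_tree()
    print("clean tree:", audit_permissions(demo, spec_for_current_user()) or "OK")
    simulate_drift(demo)
    for problem in audit_permissions(demo, spec_for_current_user()):
        print("drift:", problem)
    # Real use, as root after each upgrade: audit_permissions("/opt/cowrie")
```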
### Step 8: Starting Cowrie
Start Cowrie with the `bin/cowrie` command. You can add the `cowrie/bin`
directory to your path if desired. An existing virtual environment
is preserved if activated; otherwise Cowrie will attempt to load
the environment called "cowrie-env".
```
# su cowrie -c '/opt/cowrie/bin/cowrie start'
```
### Step 9: Port redirection
Cowrie runs by default on port 2222. The following firewall rule
will forward incoming traffic on port 22 to port 2222.
```
# iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
```
Note that you should test this rule only from another host; it
does not apply to loopback connections. The rule catches every inbound
connection to port 22, so make sure sshd has been moved off that port
(Step 0) first, or your own administrative logins will land in the
honeypot. Alternatively you can use authbind to let Cowrie listen as
non-root on port 22 directly:
```
# apt-get install authbind
# touch /etc/authbind/byport/22
# chown cowrie:cowrie /etc/authbind/byport/22
# chmod 770 /etc/authbind/byport/22
```
Or for telnet:
```
# apt-get install authbind
# touch /etc/authbind/byport/23
# chown cowrie:cowrie /etc/authbind/byport/23
# chmod 770 /etc/authbind/byport/23
```
Then edit `bin/cowrie` and modify the `AUTHBIND_ENABLED` setting, and change `listen_port` to `22` in `cowrie.cfg`.
## Install with systemd support
This section explains how to install Cowrie on your system using systemd.
Supported systems are:
- Debian 9 alias Stretch and higher
- Ubuntu 18.04 alias Bionic Beaver and higher
**Note**: All commands are run as root.
### Step 1: Install dependencies
Install system-wide support for Python virtual environments and other dependencies.
Actual Python packages are installed later.
On Debian based systems:
```
# apt install git python-virtualenv libssl-dev libffi-dev build-essential libpython-dev python2.7-minimal
```
### Step 2: Create a user account
It's strongly recommended to run with a dedicated non-root user id:
```
# useradd -r -s /bin/false -U -M cowrie
```
### Step 3: Checkout the code
```
# git clone http://github.com/micheloosterhof/cowrie /opt/cowrie
```
### Step 4: Setup Virtual Environment
Next create your virtual environment:
```
# virtualenv /opt/cowrie-env
```
Alternatively, create a Python3 virtual environment (under development)
```
# virtualenv --python=python3 /opt/cowrie-env
```
Activate the virtual environment and install packages
```
# source /opt/cowrie-env/bin/activate
(cowrie-env) # pip install --upgrade pip
(cowrie-env) # pip install --upgrade -r /opt/cowrie/requirements.txt
(cowrie-env) # deactivate
```
### Step 5: Create folders and fix permissions
```
# chown root:cowrie /opt/cowrie/data
# chmod 0775 /opt/cowrie/data
# mkdir -p /var/lib/cowrie/{downloads,tty}
# chown -R cowrie:cowrie /var/lib/cowrie
```
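As an added example (not part of the Cowrie project), the POSIX shell script below checks the outcome of Steps 2 to 5: that the `cowrie` account has no login shell, that the checkout stays root-owned with only `data/` group-writable, and that everything under `/var/lib/cowrie` belongs to `cowrie`. It assumes the paths and account names from the steps above and a default umask of 022 for the clone (so `/opt/cowrie` is mode 755); the functions take their targets as parameters so they can also be run against a scratch tree.

```shell
#!/bin/sh
# Post-install check for Steps 2 to 5 (added example, not Cowrie's own
# tooling). Verifies the least-privilege layout those steps create.
# Assumptions: paths and user/group names as in the steps above, and a
# default umask of 022 when the repository was cloned (mode 755).

# check_shell USER: succeed only if USER cannot log in interactively.
check_shell() {
    shell=$(awk -F: -v u="$1" '$1 == u { print $7 }' /etc/passwd)
    case "$shell" in
        /bin/false|/usr/sbin/nologin|/sbin/nologin) return 0 ;;
        "") echo "check_shell: no such user: $1" >&2; return 1 ;;
        *)  echo "check_shell: $1 has login shell $shell" >&2; return 1 ;;
    esac
}

# check_path PATH OWNER GROUP MODE: compare owner, group and octal mode.
# MODE is written as stat prints it, without a leading zero (e.g. 775).
check_path() {
    [ -e "$1" ] || { echo "check_path: missing $1" >&2; return 1; }
    actual=$(stat -c '%U:%G:%a' "$1")
    if [ "$actual" != "$2:$3:$4" ]; then
        echo "check_path: $1 is $actual, expected $2:$3:$4" >&2
        return 1
    fi
    return 0
}

# check_tree DIR OWNER GROUP: succeed only if every entry below DIR is
# owned by OWNER:GROUP, which is what the recursive chown in Step 5 sets.
check_tree() {
    [ -d "$1" ] || { echo "check_tree: missing $1" >&2; return 1; }
    stray=$(find "$1" \( ! -user "$2" -o ! -group "$3" \) -print)
    if [ -n "$stray" ]; then
        echo "check_tree: entries not owned by $2:$3:" >&2
        echo "$stray" >&2
        return 1
    fi
    return 0
}

# cowrie_install_check: run every check against the real paths from the
# steps above; the return value is the number of failed checks.
cowrie_install_check() {
    failed=0
    check_shell cowrie                          || failed=$((failed + 1))
    check_path /opt/cowrie root root 755        || failed=$((failed + 1))
    check_path /opt/cowrie/data root cowrie 775 || failed=$((failed + 1))
    check_tree /var/lib/cowrie cowrie cowrie    || failed=$((failed + 1))
    return "$failed"
}

# Only touch the live system when asked explicitly (sh check.sh --run),
# so the file can also be sourced just for its functions.
if [ "${1:-}" = "--run" ]; then
    cowrie_install_check && echo "cowrie install layout OK"
fi
```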
### Step 6: Install systemd, rsyslog and logrotate configurations
This will prepare your system to run Cowrie with systemd, collect all
logs in /var/log/cowrie and have logrotate take care of them.
```
# cp /opt/cowrie/doc/systemd/etc/logrotate.d/cowrie /etc/logrotate.d
# cp /opt/cowrie/doc/systemd/etc/rsyslog.d/cowrie.conf /etc/rsyslog.d
# cp /opt/cowrie/doc/systemd/etc/systemd/system/* /etc/systemd/system
```
### Step 7: Install Cowrie configurations file
The configuration for Cowrie is stored in cowrie.cfg.dist and
cowrie.cfg. Both files are combined on startup, where entries from
cowrie.cfg take precedence. The .dist file can be overwritten by
upgrades; cowrie.cfg will not be touched. To run with a standard
configuration, there is no need to change anything. The version below
is prepared to run with systemd:
```
# cp /opt/cowrie/doc/systemd/cowrie.cfg /opt/cowrie
```
To enable Telnet, modify `/opt/cowrie/cowrie.cfg`:
```
[telnet]
enabled = true
```
and enable the socket in `/etc/systemd/system/cowrie.socket`:
```
ListenStream=2223
```
### Step 8: Starting Cowrie
First, we need to reload some other services. This is only needed when
something in the config files has changed.
```
# systemctl enable cowrie.socket
# systemctl enable cowrie.service
# systemctl daemon-reload
# systemctl restart rsyslog.service
# systemctl restart logrotate.service
```
Start Cowrie:
```
# systemctl start cowrie.service
```
### Step 9: Accept connections
To capture traffic now, there are two options:
1. running Cowrie on port 22 (recommended)
2. redirecting traffic with iptables

#### Running on port 22
Modify `/etc/systemd/system/cowrie.socket` and set
```
ListenStream=22
```
_Note_: It's important that this is the first `ListenStream`.
Otherwise you might end up mixing SSH and Telnet traffic.
```
# systemctl daemon-reload
# systemctl restart ssh.service
```
#### Redirecting traffic
All port redirection commands are system-wide and need to be executed as root.
Cowrie runs by default on port 2222. This can be modified in the configuration file.
The following firewall rule will forward incoming traffic on port 22 to port 2222.
```
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
```
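The rule above is what most operators type once and forget; re-running a setup script stacks duplicate REDIRECT rules, and a stale rule pointing at a different port silently wins. The following is an added example, not part of Cowrie's INSTALL.md: it reads the current nat table, adds the redirect only when it is missing, and refuses to add one while tcp/22 is already redirected elsewhere. `FROM_PORT`, `TO_PORT`, the function names and the sample ruleset are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Cowrie's own code): install the PREROUTING REDIRECT rule
# from INSTALL.md idempotently. Run as root with the argument "apply";
# without arguments it only runs an offline self-check on a sample ruleset.

FROM_PORT="${FROM_PORT:-22}"    # port attackers knock on (assumption: 22)
TO_PORT="${TO_PORT:-2222}"      # port Cowrie listens on (default from INSTALL.md)

# redirect_rule_present RULES FROM TO
# RULES is the text of `iptables -t nat -S PREROUTING`. Returns 0 when a
# REDIRECT rule for tcp/FROM to TO already exists. Note that iptables prints
# the target option as --to-ports even when it was added with --to-port.
redirect_rule_present() {
  printf '%s\n' "$1" | grep -Eq -- \
    "^-A PREROUTING .*-p tcp .*--dport $2 .*-j REDIRECT --to-ports $3\$"
}

# dport_redirected_elsewhere RULES FROM TO
# Returns 0 when tcp/FROM is already redirected to a port other than TO,
# e.g. a leftover rule from an earlier attempt that would shadow the new one.
dport_redirected_elsewhere() {
  printf '%s\n' "$1" \
    | grep -E -- "^-A PREROUTING .*-p tcp .*--dport $2 .*-j REDIRECT --to-ports " \
    | grep -Evq -- "--to-ports $3\$"
}

# ensure_redirect: query the live nat table and add the rule only if needed.
ensure_redirect() {
  command -v iptables >/dev/null 2>&1 || { echo "iptables not found" >&2; return 1; }
  rules=$(iptables -t nat -S PREROUTING) || return 1
  if redirect_rule_present "$rules" "$FROM_PORT" "$TO_PORT"; then
    echo "redirect tcp/$FROM_PORT -> $TO_PORT already present, nothing to do"
    return 0
  fi
  if dport_redirected_elsewhere "$rules" "$FROM_PORT" "$TO_PORT"; then
    echo "tcp/$FROM_PORT is already redirected to another port; review the nat table first:" >&2
    printf '%s\n' "$rules" >&2
    return 2
  fi
  iptables -t nat -A PREROUTING -p tcp --dport "$FROM_PORT" -j REDIRECT --to-port "$TO_PORT"
}

# Constructed sample of `iptables -t nat -S PREROUTING` output for the
# offline self-check (not captured from a real host).
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 23 -j REDIRECT --to-ports 2223
-A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 2222'

if [ "${1:-}" = "apply" ]; then
  ensure_redirect
else
  if redirect_rule_present "$SAMPLE_RULES" 22 2222; then
    echo "sample: tcp/22 -> 2222 rule detected"
  fi
  if dport_redirected_elsewhere "$SAMPLE_RULES" 22 2233; then
    echo "sample: tcp/22 is redirected, but not to 2233"
  fi
fi
```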
## Optional settings
### Running using Supervisord
_Note_: This is not needed for systems with systemd.
On Debian, put the below in /etc/supervisor/conf.d/cowrie.conf
```
[program:cowrie]
command=/home/cowrie/cowrie/bin/cowrie start
directory=/home/cowrie/cowrie/
user=cowrie
autorestart=true
redirect_stderr=true
```
Update the `bin/cowrie` script, change:
```
DAEMONIZE=""
```
to:
```
DAEMONIZE="-n"
```
### Configure Additional Output Plugins
Cowrie automatically outputs event data to text and JSON log files
in ~/cowrie/log. Additional output plugins can be configured to
record the data in other ways. Supported output plugins include:
* Cuckoo
* ELK (Elastic) Stack
* Graylog
* Kippo-Graph
* Splunk
* SQL (MySQL, SQLite3, RethinkDB)
See `~/cowrie/doc/[Output Plugin]/README.md` for details.
## Troubleshooting
* If you see `twistd: Unknown command: cowrie` there are two
possibilities. If there's a python stack trace, it probably means
there's a missing or broken dependency. If there's no stack trace,
double check that your PYTHONPATH is set to the source code directory.
* Default file permissions
  To make Cowrie logfiles publicly readable, change the `--umask 0077` option in start.sh to `--umask 0022`.
# Updating Cowrie
Updating is an easy process. First stop your honeypot, then fetch
updates from GitHub, and as a next step upgrade your Python dependencies.
```
bin/cowrie stop
git pull
pip install --upgrade -r requirements.txt
bin/cowrie start
```
# Modifying Cowrie
The pre-login banner can be set by creating the file `honeyfs/etc/issue.net`.
The post-login banner can be customized by editing `honeyfs/etc/motd`.